CN102236762A - Method for processing file access for multi-tenancy application and file agent device - Google Patents


Publication number
CN102236762A
CN102236762A CN2010101687022A CN201010168702A CN102236762A CN 102236762 A CN102236762 A CN 102236762A CN 2010101687022 A CN2010101687022 A CN 2010101687022A CN 201010168702 A CN201010168702 A CN 201010168702A CN 102236762 A CN102236762 A CN 102236762A
Authority
CN
China
Prior art keywords
file
tenant
access request
folder
conversion
Legal status
Pending
Application number
CN2010101687022A
Other languages
Chinese (zh)
Inventor
安文豪
郭常杰
高波
王志虎
马哲
Current Assignee
International Business Machines Corp
Original Assignee
International Business Machines Corp
Application filed by International Business Machines Corp
Priority to CN2010101687022A
Priority to US13/097,881 (US20110270886A1)
Publication of CN102236762A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/11 File system administration, e.g. details of archiving or snapshots
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention relates to multi-tenancy technology and discloses a method for processing, with a file agent, file access requests to a multi-tenancy application, and a corresponding file agent device. The method comprises the following steps: intercepting the file access request; converting the file access request based on a predetermined file isolation model; and transmitting the converted file access request to the operating system. The method reduces the need to modify the source code of a single-tenant application so that it can run under a multi-tenancy model. The invention also provides a multi-tenancy file system suitable for multi-tenancy applications. Used together with the multi-tenancy file system, the disclosed method and file agent device can better support isolation and access control of tenant files under different SLAs (Service Level Agreements).

Description

Method and file agent device for processing file access for multi-tenant applications
Technical field
The present invention relates to multi-tenancy technology, and more specifically to a method and device for processing file access for multi-tenant applications.
Background art
Software as a Service (SaaS) uses multi-tenancy (MT) technology to provide users of software with multi-tenant applications: a single instance of a software application runs on the service provider's server, and this single instance provides the software application service to multiple tenants (for example, organizations such as enterprises), which reduces the cost of developing, deploying and operating the software application.
For multi-tenant applications, an important problem is how to control tenants' access to files while satisfying the tenants' diverse service level agreements (SLAs), which involves aspects such as file sharing, security isolation and upgradability. To make a single-tenant application (or application program) support operation under the multi-tenancy model, for example for file access, the source code of the application can be modified.
Summary of the invention
The inventors found that modifying the source code of an application so that a single-tenant application (or application program) supports operation under the multi-tenancy model is not in itself a safe practice, easily leaves vulnerabilities open to attack by hackers, and makes it very difficult to guarantee that tenant files are completely secure under the multi-tenancy model.
Accordingly, the main purpose of the various embodiments of the present invention is to let an application support multi-tenant file operations on the file system without changing the original code of the traditional single-tenant application program, so as to meet the file system's requirements for security isolation between tenants, diversified SLAs and upgradability.
To this end, the general idea of the invention is to enhance the middleware used to access the file system, in particular by applying the agent mechanism of the Java virtual machine (JVM) to the file access interface that the JVM provides to traditional applications.
According to one aspect of the present invention, a method is provided for processing, with a file agent, a file access request to a multi-tenant application, comprising the following steps performed by the file agent:
Intercepting the file access request;
Converting the file access request based on a predetermined file isolation model;
Transmitting the converted file access request to the operating system.
According to another aspect of the present invention, a file agent device for processing file access requests to a multi-tenant application is provided, comprising:
An interception module, for intercepting the file access request;
A conversion module, for converting the file access request based on a predetermined file isolation model;
A transmission module, for transmitting the converted file access request to the operating system.
In association with this, the invention also proposes a multi-tenant file system suitable for multi-tenant applications. Used in combination with the method and file agent device of the invention, this multi-tenant file system can better support isolation and access control of tenant files that satisfy different SLAs.
Description of drawings
The inventive features regarded as characteristic of the invention are set forth in the claims. However, the invention itself, its mode of use, and its other objects, features and advantages can be better understood by reading the following detailed description of illustrative embodiments with reference to the accompanying drawings, in which:
Figs. 1A and 1B show a prior-art way of implementing file access for multi-tenant applications;
Fig. 2 shows a flowchart according to one embodiment of the present invention;
Fig. 3A shows a file system in folder form;
Fig. 3B shows an exemplary MT file system according to an embodiment of the invention;
Fig. 4 shows a flowchart of constructing the MT file system according to an embodiment of the method of the invention;
Fig. 5 shows an example of access control lists (ACLs);
Fig. 6 shows an exemplary mapping between tenants and tenant folders;
Fig. 7 shows a schematic block diagram of a device according to one embodiment of the invention;
Fig. 8 is a schematic diagram of a file agent device; and
Fig. 9 is a schematic diagram of another embodiment of the invention.
Detailed description
Embodiments of the invention are described with reference to the accompanying drawings. In the following description, many details are set forth to provide a more thorough understanding of the invention. However, it will be clear to those skilled in the art that the invention can be implemented without these details. In addition, it should be understood that the invention is not limited to the specific embodiments described. On the contrary, the invention may be implemented and practiced with any combination of the following features and elements, whether or not they relate to different embodiments. Therefore, the following aspects, features, embodiments and advantages are for illustration only and should not be regarded as elements or limitations of the claims, unless explicitly recited in the claims.
Figs. 1A and 1B schematically show a conventional way of implementing file access for multi-tenant applications. As shown in Fig. 1A, application program 100 is part of an application suited to the single-tenant model; its function is to access the file named "fileName" ("viewFile(String fileName)").
Under the single-tenant model there is no problem of isolating tenant files between multiple tenants. However, for application program 100 to be usable by multiple tenants under the multi-tenancy model, a piece of code, called MT enhancement code 10a, has to be added to application program 100, which converts application program 100 into application program 101, suited to file access under the MT model.
The function of MT enhancement code 10a is to obtain from the file name "filename", based on the tenant file isolation model under the multi-tenancy model, the target file name associated with the tenant requesting the file access, for example "tenantTargetFileName". The logic of MT enhancement code 100-A differs depending on the tenant file isolation method.
Fig. 1B shows an example of implementing the file access of application program 101 on a service platform according to the prior art. As shown in Fig. 1B, the service platform comprises a Web Application Server (WAS), a Java virtual machine (JVM) deployed on the WAS, an operating system (OS) and a file system (FS).
The application that contains application program 101 is deployed on the Web Application Server WAS. Under this deployment, the file access of application program 101 is processed as follows.
111. The tenant (or a user of the tenant) sends a file access request that contains a file name. The file access request can also contain other parameters, for example the access type.
112. Application program 101 sends a file access request to the JVM; the file access request contains the target file name.
As described above in conjunction with Fig. 1, the target file name is converted from the file name by MT enhancement code 10a.
113. The JVM sends the file access request to the operating system.
114. The operating system processes the file access request and returns the result to the JVM.
115. The JVM returns the result to the application program.
Fig. 2 shows an example of implementing the file access of application program 100 on a service platform according to an embodiment of the invention. The service platform shown in Fig. 2 is essentially the same as that shown in Fig. 1; the difference is that the application deployed on the Web Application Server WAS contains application 100, i.e. the application before the conversion shown in Fig. 1B, and that a file agent 200 is deployed on the virtual machine (JVM).
According to one embodiment of the invention, under this deployment the file access of application program 101 is processed as follows.
211. The tenant (or a user of the tenant) sends a file access request that contains a file name.
212. Application program 100 sends a file access request to the JVM; the file access request contains the file name;
File agent 200 intercepts this file access request and converts it, for example by converting the file name in the file access request into the target file name.
213. File agent 200 transmits the converted file access request to the operating system.
For example, the JVM calls the methods of the file I/O implementation class definition into which the MT-related logic has been injected, interacts with the application programming interface (API) of the operating system, and sends the file access request to the operating system.
214. The operating system processes the converted file access request and returns the result to the JVM.
215. The JVM returns the result to the application program.
Compared with the method shown in Fig. 1B, the method of the embodiment for processing, with a file agent, file access requests to a multi-tenant application is characterized by the following steps:
Intercepting the file access request;
Converting the file access request based on a predetermined file isolation model;
Transmitting the converted file access request to the operating system.
According to one embodiment of the present of invention, File Agent 200 is deployed on the JVM.In this case, File Agent 200 can be intercepted and captured the file access request in the following manner.
Whether File Agent 200 monitoring JVM will load a file I/O is realized class definition (file/IO implement class).
Many tenants use is by with java code call file I/O interface (file/IOinterface), sends the file access request to JVM.As the response to this document request of access, JVM will load a file I/O and realize class definition.The person of ordinary skill in the field knows that file I/O realizes that class definition comprises parameters such as method, attribute, variable, and JVM is by the method for file I/O realization class definition, and is mutual with the application programming interfaces of operating system, comes operation document system.
According to embodiments of the invention, if monitoring JVM, File Agent 200 will realize class definition by load document IO, just the file I/O that will load to JVM is realized the method for class definition, injects file access request conversion logic.
Described those skilled in the art know, the processing that this feasible file access request conversion logic that injects just can be correlated with before the bottom visit.
The file access request conversion logic that injects will be based on predetermined file isolation model, convert file request of access.
The mode of convert file request of access, because of concrete realization different, especially relevant with the file isolation model that is adopted.
According to one embodiment of the present of invention, can obtain predetermined file isolation model by following steps: the tenant's of file access request sign is sent in identification; According to tenant's sign, obtain corresponding tenant's metadata; From tenant's metadata, obtain predetermined file isolation model.
For example,, can verify the user, when this user of checking is user of legal registration tenant, obtain tenant's sign of the affiliated registration tenant of this user by inquiry tenant's log-on message for the user of operational applications.
Described those skilled in the art know, verify the user usually when the user logins, can be during the user conversation after the login, and the tenant of the validated user that is obtained during with login identifies preservation.Like this, no matter whenever the send file access request of user during user conversation can both obtain the tenant's sign of tenant under it.
According to one embodiment of the present of invention, file access request conversion logic is converted to the file destination name to the filename in the file access request based on predetermined file isolation model, and its process can strengthen the same or similar of code 10a with the MT among Figure 1A.Produced file access request thus through conversion.Obviously, the content of file access request conversion logic is not limited thereto.
According to embodiments of the invention, JVM can realize the method for class definition by calling the file I/O that has injected file access request conversion logic, will be sent to the application programming interfaces of operating system through the file access request of conversion.
According to embodiments of the invention, file access request conversion logic can be determined the file destination for the indication of file destination name further according to the access control list ACL in tenant's metadata, whether conforms with authority through the file access request of changing.
If conform with authority, then transmit file access request through conversion; Otherwise, just do not transmit file access request through conversion.For example, if the file access request will be revised a unchangeable file, for example the application layer file does not then transmit this document request of access to operating system.
Certainly, the person of ordinary skill in the field knows that operating system also can determine whether to accept the file access request with reference to ACL when operation document system.Yet,, be the resource of saving operating system potentially transmitting the added advantage of filtering before the file access request to operating system.
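The conversion and ACL filtering described above can be sketched as follows. This is an added example, not code from the patent: all class, method and field names are hypothetical, the metadata values are constructed after the T1 entries described for Figs. 5 and 6, and the check that a converted name stays inside the tenant folder is an assumption added here.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

// Added illustration; every class, method and field name here is hypothetical.
public class TenantRequestConverter {

    enum Access { READ, WRITE, DELETE }

    /** Tenant metadata: the tenant folder (cf. Fig. 6) plus per-file ACL entries (cf. Fig. 5). */
    static final class TenantMetadata {
        final Path tenantFolder;
        final Set<Access> folderAccess;                       // applies when no file entry matches
        final Map<Path, Set<Access>> fileAcl = new HashMap<>();

        TenantMetadata(String tenantFolder, Set<Access> folderAccess) {
            this.tenantFolder = Paths.get(tenantFolder).normalize();
            this.folderAccess = folderAccess;
        }

        TenantMetadata restrict(String relativeFile, Set<Access> allowed) {
            fileAcl.put(Paths.get(relativeFile).normalize(), allowed);
            return this;
        }
    }

    private final Map<String, TenantMetadata> metadataStore = new HashMap<>();

    void register(String tenantId, String application, TenantMetadata md) {
        metadataStore.put(tenantId + "/" + application, md);
    }

    /**
     * Converts the file name in a request into the tenant's target file name.
     * An empty result means the request must not be transmitted to the operating system.
     */
    Optional<Path> convert(String tenantId, String application, String fileName, Access access) {
        TenantMetadata md = metadataStore.get(tenantId + "/" + application);
        if (md == null) {
            return Optional.empty();                          // unknown tenant: fail closed
        }
        // Isolation model: the file name is interpreted relative to the tenant folder.
        Path target = md.tenantFolder.resolve(fileName).normalize();
        // Added assumption: a name containing ".." (or an absolute name) must not leave the
        // tenant folder, otherwise the conversion itself would break tenant isolation.
        if (!target.startsWith(md.tenantFolder)) {
            return Optional.empty();
        }
        Path relative = md.tenantFolder.relativize(target);
        Set<Access> allowed = md.fileAcl.getOrDefault(relative, md.folderAccess);
        return allowed.contains(access) ? Optional.of(target) : Optional.empty();
    }

    public static void main(String[] args) {
        TenantRequestConverter agent = new TenantRequestConverter();
        // Constructed metadata modelled on the T1 rows described for Figs. 5 and 6.
        agent.register("T1", "Crm",
                new TenantMetadata("dev1/T1_Crm", EnumSet.allOf(Access.class))
                        .restrict("WEB-INF/web.xml", EnumSet.of(Access.READ)));

        String[][] requests = {                               // constructed sample requests
            {"T1", "WEB-INF/web.xml", "READ"},
            {"T1", "WEB-INF/web.xml", "WRITE"},
            {"T1", "Documents/a.txt", "WRITE"},
            {"T1", "../T2_Crm/Documents/a.txt", "READ"},
            {"T9", "Documents/a.txt", "READ"},
        };
        for (String[] r : requests) {
            Optional<Path> converted = agent.convert(r[0], "Crm", r[1], Access.valueOf(r[2]));
            System.out.printf("%s %-5s %-28s -> %s%n", r[0], r[2], r[1],
                    converted.map(p -> "forward " + p).orElse("not transmitted"));
        }
    }
}
```

The containment check is purely lexical and does not resolve links. In the file system the patent goes on to describe, the tenant's web.xml is a link into the application folder, so a check based on resolved real paths would have to exempt such links.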
As described above, like MT enhancement code 10a, the file access request conversion logic that file agent 200 according to the embodiment injects into the methods of the file I/O implementation class definition that the JVM is about to load is closely related to the file isolation model or approach used by the multi-tenant application.
An example of a file isolation model that can be implemented in combination with the above method for processing, with a file agent, file access requests to a multi-tenant application is described below.
First, the file structure of an application is briefly introduced. The table below is a fragment of the application file structure of an exemplary file system.
No.  Application  Path                                                                          Application-level file
1    CRM          Opt/IBM/Websphere/Profiles/AppSrv01/InstalledApps/Crm/WEB-INF/*               Y
2    CRM          Opt/IBM/Websphere/Profiles/AppSrv01/InstalledApps/Crm/Documents/*             N
3    CRM          Opt/IBM/Websphere/Profiles/AppSrv01/InstalledApps/Crm/Documents/logo.jpg      N
4    CRM          Opt/IBM/Websphere/Profiles/AppSrv01/InstalledApps/Crm/WEB-INF/web.xml         Y
5    SFA          Opt/IBM/Websphere/Profiles/AppSrv01/InstalledApps/Crm/WEB-INF/*               Y
6    SFA          Opt/IBM/Websphere/Profiles/AppSrv01/InstalledApps/Crm/WEB-INF/web.xml         N
7    SFA          Opt/IBM/Websphere/Profiles/AppSrv01/InstalledApps/Sfa/Documents/logo.jpg      N
8    SFA          Opt/IBM/Websphere/Profiles/AppSrv01/InstalledApps/Crm/Images/*                N
The columns of the table, from left to right, list the number of the file in the file system, the application it belongs to, its path, and an attribute (for example whether it is an application-level file). For example, the file "web.xml" numbered "4" is an application-level file of the application "CRM", with the path "Opt/IBM/Websphere/Profiles/AppSrv01/InstalledApps/Crm/WEB-INF/web.xml". Application-level files are system files, and users are usually not allowed to perform operations such as deleting or modifying them.
The content of the table can also be represented in folder form. A folder is a common form of file structure. Fig. 3A schematically shows a file system 300 in folder form. For example, as shown in the figure, the folder path of the application-level file "web.xml" 301 is "Opt/IBM/Websphere/Profiles/AppSrv01/InstalledApps/Crm/WEB-INF/web.xml". As another example, the folder path of the tenant-level file "a.txt" is "Opt/IBM/Websphere/Profiles/AppSrv01/InstalledApps/Crm/Documents/uphold". In a multi-tenant system, tenant-level files can be isolated per tenant, so that different tenants can have different "a.txt" files.
Fig. 3B shows an exemplary MT file system 310 according to an embodiment of the invention. As shown in the figure, MT file system 310 comprises application folder f0 and tenant folders f_T1, f_T2 and f_T3.
As Fig. 3B shows, application folder f0, like file system 300 of Fig. 2A, contains all the files of an application; the file "Web.xml" 301 under the subdirectory "WEB-INF" is an application-level file.
Tenant folder f_T1 is the folder of tenant T1. The structure of tenant folder f_T1 is roughly the same as that of application folder f0; the difference is that, according to one embodiment of the invention, as shown by dotted line 312 in the figure, the file "Web.xml" in tenant folder f_T1 is a link that points to the file "Web.xml" 301 in application folder f0.
Similarly, tenant folders f_T2 and f_T3 are the folders of tenant T2 and tenant T3 respectively, and each contains an application-level file "Web.xml" represented by a link.
The figure also shows that, in this embodiment, application folder f0 and tenant folder f_T3 are each located on a separate physical storage medium, for example a disk, while tenant folder f_T1 and tenant folder f_T2 share one physical storage medium.
According to one embodiment of the invention, file system 210 shown in Fig. 2 can be implemented with MT file system 310.
The construction of MT file system 310 is described below with reference to the flowchart of Fig. 4.
MT file system 310 according to the embodiment comprises an application folder and tenant folders. According to embodiments of the invention, before tenant folders are created, the structure of the existing file system can first be analyzed to build the application folder of the multi-tenant application; this can be done manually or with a file structure analyzer available in the prior art. The file structure analyzer can analyze the structure of a given file system, for example the path of each file, and from this determine the multi-tenant application to which each file belongs, thereby building the application folder corresponding to the multi-tenant application.
According to embodiments of the invention, the file structure analyzer can also identify the application-level files in the application folder. In practice, when designing and programming the application, the developer can mark appropriately whether a given file is an application-level file. The file structure analyzer can then easily identify application-level files from such marks.
MT file system 310 can be constructed in response to a tenant subscribing to the multi-tenant application. In short, construction comprises the following process:
Analyzing the file system of the multi-tenant application and building the application folder of the multi-tenant application;
Setting up a tenant folder dedicated to the tenant according to the tenant's SLA and the application folder; copying selected files from the application folder to the tenant folder;
Saving, in the multi-tenant metadata, the application folder name and the mapping between the tenant and the tenant folder.
Fig. 4 shows a more detailed embodiment of this process. As shown in the figure, in step 401 the tenant's tenant folder is set up according to the tenant's SLA. This tenant folder is for the multi-tenant application that the tenant has subscribed to and is dedicated to this tenant.
An SLA specifies the service level provided to satisfy a tenant's particular requirements. Usually, an SLA can be provided or defined when a new tenant registers to use a multi-tenant application, and the SLA can be stored in that tenant's metadata.
According to one embodiment of the invention, the data size of the tenant folder can be set according to the SLA.
According to one embodiment of the invention, the physical location of the tenant folder can be allocated according to the SLA; this location can be a physical medium shared with other tenants or a physical medium dedicated to this tenant, for example a high-speed disk.
In step 403, files in the application folder of the multi-tenant application are copied to the tenant folder. Selected files can be copied, for example: application-level files; tenant-specific files; and pre-generated files that the tenant may modify, such as customized configuration files.
According to one embodiment, if the selected file is an application-level file, only a link pointing to the file in the application folder of the multi-tenant application is created in the tenant folder.
In step 405, the access control list (ACL) of the tenant folder is created; the ACL specifies the access permissions for files. For example, the ACL specifies that the tenant can only perform read operations on the linked application-level files in the tenant folder.
Fig. 5 schematically shows examples of some ACLs in the form of a list. For example, the account of tenant T1 is abc; this tenant can access tenant folder dev1/T1_Crm and tenant folder dev1/T1_Sfa, but can only perform read operations on the specific files "dev1/T1_Crm/WEB-INF/web.xml" and "dev1/T1_Sfa/WEB-INF/web.xml" in those folders, and cannot modify or delete them.
According to one embodiment of the invention, a tenant account can be created for the tenant in the operating system, and the tenant account can be granted access permissions to the files under the tenant folder.
Returning to Fig. 4, in step 407 the settings of the tenant folder are saved in the multi-tenant metadata. As described above, the settings include, for example, the mapping between the tenant and the tenant folder.
The mapping between tenants and tenant folders can be represented by the tenant folder list shown in Fig. 6. For example, the row with sequence number 1 in the table of Fig. 6 indicates that the tenant folder of tenant "T1" when using the application "Crm" is "dev1/T1_Crm".
In addition, the access control list (ACL) of the files in the tenant folder can be saved in the multi-tenant metadata, specifying that the tenant can only perform read operations on the linked application-level files in the tenant folder.
In addition, the following configuration parameters and data about the MT file system can also be saved in the multi-tenant metadata, for example: the data size of the tenant folder and/or the finally allocated location of the tenant folder; the application folder name; and the tenant account and password used to access files, which serves to prevent the tenant from logging in to the operating system directly and controlling the file access permissions that have been set.
The result of the above operations is an MT file system 310 as shown in Fig. 3B.
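Steps 401 to 407 can be sketched in Java as follows. This is an added example, not code from the patent: the class and method names are hypothetical, the application folder is constructed in a temporary directory, SLA-driven sizing and placement are not modelled, and every file that is not application-level is simply copied.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;

// Added illustration of steps 401 to 407; all names are hypothetical. Requires Java 11+.
public class TenantFolderProvisioner {

    /** Settings that step 407 would save in the multi-tenant metadata. */
    static final class TenantFolderSettings {
        final String tenantId;
        final Path tenantFolder;
        final List<Path> readOnlyFiles = new ArrayList<>();   // ACL entries from step 405

        TenantFolderSettings(String tenantId, Path tenantFolder) {
            this.tenantId = tenantId;
            this.tenantFolder = tenantFolder;
        }
    }

    static TenantFolderSettings provision(String tenantId, Path appFolder, Path tenantFolder,
                                          Set<Path> appLevelFiles) throws IOException {
        // Step 401: set up the tenant folder (size and placement per SLA are not modelled).
        Files.createDirectories(tenantFolder);
        TenantFolderSettings settings = new TenantFolderSettings(tenantId, tenantFolder);

        List<Path> sources;
        try (Stream<Path> walk = Files.walk(appFolder)) {
            sources = walk.filter(Files::isRegularFile).collect(Collectors.toList());
        }
        for (Path source : sources) {
            Path relative = appFolder.relativize(source);
            Path target = tenantFolder.resolve(relative);
            Files.createDirectories(target.getParent());
            if (appLevelFiles.contains(relative)) {
                // Step 403: an application-level file is only linked, never copied.
                Files.createSymbolicLink(target, source.toAbsolutePath());
                // Step 405: the ACL allows the tenant to read the linked file only.
                settings.readOnlyFiles.add(relative);
            } else {
                // Step 403: tenant-level files get a private copy (simplification: all of them).
                Files.copy(source, target);
            }
        }
        return settings;                                      // step 407: caller persists this
    }

    public static void main(String[] args) throws IOException {
        // Constructed application folder in a temporary directory.
        Path root = Files.createTempDirectory("mtfs-demo");
        Path app = root.resolve("InstalledApps").resolve("Crm");
        Files.createDirectories(app.resolve("WEB-INF"));
        Files.createDirectories(app.resolve("Documents"));
        Files.writeString(app.resolve("WEB-INF").resolve("web.xml"), "<web-app/>");
        Files.writeString(app.resolve("Documents").resolve("a.txt"), "constructed sample");

        Path tenantFolder = root.resolve("dev1").resolve("T1_Crm");
        TenantFolderSettings s = provision("T1", app, tenantFolder,
                Set.of(Path.of("WEB-INF", "web.xml")));

        Path link = tenantFolder.resolve("WEB-INF").resolve("web.xml");
        System.out.println("tenant folder : " + s.tenantFolder);
        System.out.println("web.xml link  : " + Files.isSymbolicLink(link)
                + " -> " + Files.readSymbolicLink(link));
        System.out.println("a.txt is copy : "
                + !Files.isSymbolicLink(tenantFolder.resolve("Documents").resolve("a.txt")));
        System.out.println("read-only ACL : " + s.readOnlyFiles);
    }
}
```

Because each link resolves to the one shared file in the application folder, the read-only ACL entry is what keeps a single tenant from changing a file that every tenant sees.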
In the MT file system of the invention, the application folder keeps all files intact, which guarantees integrity. Tenant folders that use links internally, for example tenant folders f_T1, f_T2 and f_T3 in MT file system 210, corresponding to tenants T1, T2 and T3 respectively, constitute three independent sub-file systems that the operating system can access. In a specific implementation, a tenant folder can be embodied as a disk or as a folder on a disk. Because a tenant folder is an independent sub-file system that can be accessed separately, the operating system can process file access requests against the tenant folder using the ACL in the tenant metadata, for example performing read/write operations on files in the tenant folder, or forbidding modification or deletion of certain files.
The method for file access for multi-tenant applications according to embodiments of the invention has been described above. It should be pointed out that the above description is only an example and not a limitation of the invention. In other embodiments of the invention, the method may have more, fewer or different steps, and the order of the steps may differ from that described. For example, in some embodiments of the invention, one or more of the above optional steps may be absent. The specific way each step is performed may differ from that described. All these variations fall within the spirit and scope of the invention.
According to identical inventive concept, the present invention also proposes a kind of File Agent device that is used to handle the file access request that many tenants are used.
7 descriptions are used for the File Agent device of the file access of many tenants' application according to an embodiment of the invention with reference to the accompanying drawings.
As shown in Figure 8, the file agent device 700 comprises an interception module 710, a conversion module 720 and a delivery module 730. The interception module 710 intercepts the file access request; the conversion module 720 converts the file access request based on a predetermined file isolation model; and the delivery module 730 delivers the converted file access request to the operating system.
According to one embodiment of the invention, the interception module 710 comprises a monitoring device 711 and an injection device 712. The former monitors whether the JVM is about to load a file I/O implementation class definition in response to the multi-tenant application sending a file access request to the JVM by calling the file I/O interface. The latter, according to the monitoring result of monitoring device 712, injects file access request conversion logic into the methods of the file I/O implementation class definition when the JVM is about to load it.
According to one embodiment of the invention, the conversion module 720 converts the file access request, based on the predetermined file isolation model, through the methods of the file I/O implementation class definition into which the file access request conversion logic has been injected.
According to one embodiment of the present invention, the delivery module 730 comprises a calling module 731, which calls the methods of the file I/O implementation class definition into which the file access request conversion logic has been injected, so as to deliver the converted file access request to the application programming interface of the operating system.
According to embodiments of the invention, the file agent device 700 may further comprise: an identification module for identifying the identifier of the tenant that sent the file access request; and an acquisition module for obtaining the corresponding tenant metadata according to the tenant identifier and obtaining the predetermined file isolation model from the tenant metadata.
As those of ordinary skill in the art will understand, the identification module and the acquisition module may be deployed separately within the file agent device 700 and cooperate with the other functional blocks, or may be combined with other modules, for example as part of the conversion module 720. To highlight the essence of the embodiments of the invention, the identification module and the acquisition module are not explicitly shown in the figure.
According to one embodiment of the present invention, the conversion module 720 further converts the file name in the file access request into a target file name, based on the predetermined file isolation model obtained by the acquisition module, thereby obtaining the converted file access request.
According to one embodiment of the invention, the file agent device 700 further comprises an access control module for determining, according to the access control list (ACL) in the tenant metadata, whether the converted file access request is permitted for the target file indicated by the target file name. According to the determination result of the access control module, the delivery module 730 delivers only those converted file access requests that are permitted.
As those of ordinary skill in the art will understand, the access control module may be deployed separately within the file agent device 700 and cooperate with the other functional blocks, or may be combined with other modules, for example as part of the delivery module 730. To highlight the essence of the embodiments of the invention, the access control module is likewise omitted from the figure.
According to embodiments of the invention, in the predetermined file isolation model involved in the operation of the file agent device 700, a tenant of the multi-tenant application has a dedicated folder, and the multi-tenant metadata contains configuration parameters of the tenant folder.
According to one embodiment of the present invention, the tenant's dedicated folder described above may be set up as follows: analyze the file system of the multi-tenant application and build the application folder of the multi-tenant application; according to the tenant's SLA and the application folder, set up the tenant folder dedicated to the tenant and copy selected files from the application folder to the tenant folder; and save, in the multi-tenant metadata, the mapping between the application folder name and the tenant and tenant folder.
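The conversion and access-control steps described above (identify the tenant, look up its metadata, convert the file name to a target file name in the tenant's dedicated folder, check the ACL, and only then deliver) can be sketched in Java as follows. This is an added example, not code from the patent: all class, method, tenant and folder names are hypothetical, it assumes that names resolving outside the application folder are refused, and the injection of this logic into the JVM's file I/O classes is not shown.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/** Added illustration; every class, method and folder name here is hypothetical. */
public class TenantFileAgentDemo {

    enum Op { READ, WRITE }

    /** Tenant metadata: application-folder to tenant-folder mapping plus a minimal ACL. */
    static final class TenantMetadata {
        final Path appFolder;        // folder name the shared application code uses
        final Path tenantFolder;     // folder dedicated to this tenant
        final Set<String> readOnly;  // linked application-level files (relative, '/'-separated)

        TenantMetadata(String appFolder, String tenantFolder, Set<String> readOnly) {
            this.appFolder = Paths.get(appFolder).normalize();
            this.tenantFolder = Paths.get(tenantFolder).normalize();
            this.readOnly = readOnly;
        }
    }

    private final Map<String, TenantMetadata> metadataByTenant = new HashMap<>();

    void register(String tenantId, TenantMetadata md) {
        metadataByTenant.put(tenantId, md);
    }

    /**
     * Conversion and access control for one intercepted request.
     * Returns the target path to hand to the operating system, or throws SecurityException.
     */
    Path convert(String tenantId, String fileName, Op op) {
        TenantMetadata md = metadataByTenant.get(tenantId);
        if (md == null) {
            throw new SecurityException("no metadata for tenant " + tenantId);
        }
        // Resolve relative names against the application folder, then collapse "." and "..".
        Path requested = md.appFolder.resolve(fileName).normalize();
        // Assumption: names that leave the application folder are refused, not passed through.
        if (!requested.startsWith(md.appFolder)) {
            throw new SecurityException("outside application folder: " + fileName);
        }
        Path relative = md.appFolder.relativize(requested);
        Path target = md.tenantFolder.resolve(relative).normalize();
        // Defensive re-check: the mapped name must still sit inside the tenant's folder.
        if (!target.startsWith(md.tenantFolder)) {
            throw new SecurityException("outside tenant folder: " + target);
        }
        // normalize() is purely lexical; an agent that follows links on disk would also
        // compare Path.toRealPath() of existing files against the tenant folder.
        String key = relative.toString().replace('\\', '/');
        if (op == Op.WRITE && md.readOnly.contains(key)) {
            throw new SecurityException("ACL: read-only for tenant: " + key);
        }
        return target;
    }

    public static void main(String[] args) {
        TenantFileAgentDemo agent = new TenantFileAgentDemo();
        // Constructed sample metadata for two tenants sharing one application folder name.
        agent.register("tenantA", new TenantMetadata(
                "/srv/app/data", "/srv/tenants/A/data", Set.of("config/defaults.properties")));
        agent.register("tenantB", new TenantMetadata(
                "/srv/app/data", "/srv/tenants/B/data", Set.of("config/defaults.properties")));

        // Constructed sample requests: tenant, file name as the application wrote it, operation.
        String[][] requests = {
            {"tenantA", "reports/q1.csv", "WRITE"},
            {"tenantB", "/srv/app/data/reports/q1.csv", "READ"},
            {"tenantA", "config/defaults.properties", "READ"},
            {"tenantA", "config/defaults.properties", "WRITE"},
            {"tenantA", "reports/../../../tenants/B/data/reports/q1.csv", "READ"},
            {"tenantC", "reports/q1.csv", "READ"},
        };
        for (String[] r : requests) {
            try {
                Path target = agent.convert(r[0], r[1], Op.valueOf(r[2]));
                System.out.println("FORWARD " + r[0] + " " + r[2] + " " + r[1] + " -> " + target);
            } catch (SecurityException e) {
                System.out.println("DENY    " + r[0] + " " + r[2] + " " + r[1]
                        + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The same application-level file name maps to a different target per tenant, while the write to a linked application-level file, the name that climbs out of the application folder, and the request from a tenant with no metadata are all refused before anything reaches the operating system.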
The file agent device 700 described above and its various embodiments can be used to implement the method, described above, for processing file access for a multi-tenant application according to the various embodiments of the invention. For brevity, the above description of the file agent device 700 and its embodiments omits some content that would repeat the earlier description of the corresponding method; details of the device can therefore be understood by referring to that description. The above description and illustration of the file agent device 700 and its embodiments are thus merely exemplary and do not limit the present invention. In other embodiments of the invention, the device may have more, fewer or different modules, and the connections or containment relationships between the modules may differ from those described and illustrated.
The present invention may be implemented in hardware, software, or a combination of hardware and software. It may be implemented in a centralized manner in one computer system, or in a distributed manner in which different components are spread across several interconnected computer systems. Any computer system or other apparatus suited to carrying out the methods described herein is suitable. A typical combination of hardware and software is a general-purpose computer system with a computer program that, when loaded and executed, controls the computer system so that it carries out the method of the invention and constitutes the device of the invention.
The present invention may also be embodied in a computer program product that comprises all the features enabling implementation of the methods described herein and that, when loaded into a computer system, is able to carry out those methods.
Although the present invention has been specifically shown and described with reference to preferred embodiments, those skilled in the art should understand that various changes in form and detail may be made to it without departing from the spirit and scope of the invention.

Claims (21)

1. A method for processing, with a file agent, file access requests of a multi-tenant application, comprising the following steps performed by the file agent:
intercepting the file access request;
converting the file access request based on a predetermined file isolation model;
delivering the converted file access request to the operating system.
2. The method of claim 1, wherein the file agent is a file agent on a Java virtual machine (JVM), and the step of intercepting the file access request comprises:
in response to detecting that the JVM is about to load a file I/O implementation class definition, injecting file access request conversion logic into the methods of the file I/O implementation class definition to be loaded; wherein the JVM is about to load the file I/O implementation class definition in response to the multi-tenant application sending a file access request to the JVM by calling the file I/O interface.
3. The method of claim 2, wherein the file access request is converted, based on the predetermined file isolation model, through the methods of the file I/O implementation class definition into which the file access request conversion logic has been injected.
4. The method of claim 3, wherein the step of delivering the converted file access request to the operating system comprises:
delivering the converted file access request to the application programming interface of the operating system through the methods of the file I/O implementation class definition into which the file access request conversion logic has been injected.
5. The method of any one of claims 1-4, further comprising the following steps:
identifying the identifier of the tenant that sent the file access request;
obtaining the corresponding tenant metadata according to the tenant identifier;
obtaining the predetermined file isolation model from the tenant metadata.
6. The method of claim 5, wherein converting the file access request comprises converting the file name in the file access request into a target file name based on the obtained predetermined file isolation model, thereby obtaining the converted file access request.
7. The method of claim 5, further comprising:
determining, according to the access control list (ACL) in the tenant metadata, whether the converted file access request is permitted for the target file indicated by the target file name; and wherein the step of delivering the converted file access request to the operating system delivers only converted file access requests that are permitted.
8. The method of any one of claims 1-4, wherein, according to the predetermined file isolation model, a tenant of the multi-tenant application has a dedicated folder, and the multi-tenant metadata contains configuration parameters of the tenant folder.
9. The method of claim 8, wherein the tenant's dedicated folder is set up as follows:
analyzing the file system of the multi-tenant application and building the application folder of the multi-tenant application;
according to the tenant's SLA and the application folder, setting up the tenant folder dedicated to the tenant and copying selected files from the application folder to the tenant folder;
saving, in the multi-tenant metadata, the mapping between the application folder name and the tenant and tenant folder.
10. The method of claim 9, wherein the selected files comprise at least one of the following: application-level files; tenant-specific files; pre-generated files that the tenant may modify.
11. The method of claim 9, further comprising: saving, in the multi-tenant metadata, an access control list (ACL) for the files of the tenant folder, which specifies that the tenant may perform only read operations on the linked application-level files in the tenant folder.
12. The method of claim 9, wherein the configuration parameters comprise at least one of the following: the data size of the tenant folder; the final assigned location of the tenant folder.
13. A file agent device for processing file access requests of a multi-tenant application, comprising:
an interception module for intercepting the file access request;
a conversion module for converting the file access request based on a predetermined file isolation model;
a delivery module for delivering the converted file access request to the operating system.
14. The file agent device of claim 13, wherein the interception module comprises:
a monitoring device for monitoring whether the JVM is about to load a file I/O implementation class definition in response to the multi-tenant application sending a file access request to the JVM by calling the file I/O interface;
an injection device for injecting, according to the monitoring result of the monitoring device, file access request conversion logic into the methods of the file I/O implementation class definition to be loaded.
15. The file agent device of claim 14, wherein the conversion module converts the file access request, based on the predetermined file isolation model, through the methods of the file I/O implementation class definition into which the file access request conversion logic has been injected.
16. The file agent device of claim 15, wherein the delivery module comprises:
a calling module for calling the methods of the file I/O implementation class definition into which the file access request conversion logic has been injected, so as to deliver the converted file access request to the application programming interface of the operating system.
17. The file agent device of any one of claims 13-16, further comprising:
an identification module for identifying the identifier of the tenant that sent the file access request;
an acquisition module for obtaining the corresponding tenant metadata according to the tenant identifier and obtaining the predetermined file isolation model from the tenant metadata.
18. The file agent device of claim 17, wherein the conversion module further converts the file name in the file access request into a target file name based on the predetermined file isolation model obtained by the acquisition module, thereby obtaining the converted file access request.
19. The file agent device of claim 17, further comprising an access control module for determining, according to the access control list (ACL) in the tenant metadata, whether the converted file access request is permitted for the target file indicated by the target file name, wherein the delivery module delivers only converted file access requests that are permitted.
20. The file agent device of any one of claims 13-16, wherein, according to the predetermined file isolation model, a tenant of the multi-tenant application has a dedicated folder, and the multi-tenant metadata contains configuration parameters of the tenant folder.
21. The file agent device of claim 20, wherein the tenant's dedicated folder is set up as follows:
analyzing the file system of the multi-tenant application and building the application folder of the multi-tenant application;
according to the tenant's SLA and the application folder, setting up the tenant folder dedicated to the tenant and copying selected files from the application folder to the tenant folder;
saving, in the multi-tenant metadata, the mapping between the application folder name and the tenant and tenant folder.
Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2010101687022A CN102236762A (en) 2010-04-30 2010-04-30 Method for processing file access for multi-tenancy application and file agent device
US13/097,881 US20110270886A1 (en) 2010-04-30 2011-04-29 Mechanism and apparatus for transparently enables multi-tenant file access operation

Publications (1)

Publication Number Publication Date
CN102236762A true CN102236762A (en) 2011-11-09

Family

ID=44859151

Country Status (2)

Country Link
US (1) US20110270886A1 (en)
CN (1) CN102236762A (en)

Also Published As

Publication number Publication date
US20110270886A1 (en) 2011-11-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C05 Deemed withdrawal (patent law before 1993)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20111109